Enable Notes federated login to allow Notes client users to start Notes and perform
secure operations without being prompted for a Notes ID password.
Before you begin
Complete the following prerequisites:
Procedure
- In the Domino Directory,
open the existing Security Settings policy for users of your organization’s
ID vault.
- On the ID Vault tab, make sure there
is an assigned vault.
- Select the tab.
- Select Yes for Enable Notes federated login
with SAML IdP.
- For client users who have upgraded to 9.0.1 Social Edition,
when the policy is initially being deployed, under Additional
settings for Federated Login (Notes or Web), select Yes
for Allow password authentication with the ID vault.
Tip: After you have verified that federated login works for a user,
it is a recommended security improvement to change Allow password
authentication with the ID vault to No. When password authentication
with the ID vault is not allowed, the user must authenticate to the
vault using federated login in order to download the user's ID for
either Notes or Web use. Because this policy setting controls both
Notes and Web behavior with the ID vault, change the setting to No
only if federated login should be used exclusively.
- Optional: Create custom messages for users
to notify them when federated login is either enabled or disabled.
- Select the Keys and Certificates tab.
- To add the Notes certifier
to the policy, click Update Links.
- Choose Selected supported and click OK.
- Click the Notes Certifiers tab, select the certificates which signed the
IDs of the Notes users, and click OK.
Note: If the IDs are signed by an Organizational Unit (OU) certificate, include all certificates in
the hierarchy, including the Organizational certificate.
- Click the Internet Cross Certificates tab,
select the SSL certificate exported from either ADFS or TFIM 2.0,
and click OK.
- Optional: Enter a formula under Machine
specific formula to apply the policy to specific computers
for clients who have multiple computers.
- Save and close the security policy.